Re: [Cfrg] Requesting removal of CFRG co-chair

Tao Effect <> Tue, 24 December 2013 03:30 UTC

Return-Path: <>
Received: from localhost ( []) by (Postfix) with ESMTP id 834AD1AE3B8 for <>; Mon, 23 Dec 2013 19:30:01 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.334
X-Spam-Status: No, score=-1.334 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_SOFTFAIL=0.665] autolearn=no
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id vF6rf-CRrweX for <>; Mon, 23 Dec 2013 19:29:58 -0800 (PST)
Received: from ( []) by (Postfix) with ESMTP id 938801AE3A7 for <>; Mon, 23 Dec 2013 19:29:58 -0800 (PST)
Received: from (localhost []) by (Postfix) with ESMTP id CAA5D63406E; Mon, 23 Dec 2013 19:29:54 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed;; h= content-type:mime-version:subject:from:in-reply-to:date:cc :message-id:references:to;; bh=D1g+gAo2S9F/AfL9C vcN7K6Zt2I=; b=AIrcH575VVTXEOIJlCxk35uGu8KwzjQg+W47Xcc+Zxli3LSnr +nu+wXk9bJeRaFktohhGcIPH6YePM+xpWQbJFNZByxfzYscpuq4FQR30YyO0FjoG 6Qu8kLa5kan/Qpju/rdNaaQMlWPjI6AVmPK28/+zqza3+3RKFBnsjdJeJg=
Received: from [] ( []) (using TLSv1 with cipher AES128-SHA (128/128 bits)) (No client certificate requested) (Authenticated sender: by (Postfix) with ESMTPSA id AF92A634064; Mon, 23 Dec 2013 19:29:53 -0800 (PST)
Content-Type: multipart/signed; boundary="Apple-Mail=_52F62798-5426-4047-B3D3-16964144B3AA"; protocol="application/pgp-signature"; micalg="pgp-sha512"
Mime-Version: 1.0 (Mac OS X Mail 7.1 \(1827\))
From: Tao Effect <>
In-Reply-To: <>
Date: Mon, 23 Dec 2013 22:29:51 -0500
Message-Id: <>
References: <> <> <> <> <> <> <> <> <> <> <> <> <> <> <> <> <> <>
To: John Viega <>
X-Mailer: Apple Mail (2.1827)
Cc: "" <>
Subject: Re: [Cfrg] Requesting removal of CFRG co-chair
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Crypto Forum Research Group <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Tue, 24 Dec 2013 03:30:01 -0000

Just to be clear: I *do not care* if "Kevin" is an alias.

That, on its own, does not matter to me at all.

What matters to me is:

1. Whether the recommendations made by the CFRG are good.

That's it.

Because I do not spend my time analyzing the mathematical details of cryptography, but rather defer that to folks who specialize specifically in that and whom I trust to do a good job of it, I, and 99.999% of the people in the same boat on this planet, need to know:

1. Are the people making these recommendations honest?
2. Are the people making these recommendations transparent?
3. Are they trustworthy?
4. Do they have the best interests of those using their recommendations at heart?
5. Do they know what they're talking about?

If the answer is "No" to any of those questions, then this organization has failed its stated purpose, which is:

The CFRG serves as a bridge between theory and practice, bringing new cryptographic techniques to the Internet community and promoting an understanding of the use and applicability of these mechanisms via Informational RFCs (in the tradition of, e.g., RFC 1321 (MD5) and RFC 2104 (HMAC). Our goal is to provide a forum for discussing and analyzing general cryptographic aspects of security protocols, and to offer guidance on the use of emerging mechanisms and new uses of existing mechanisms. IETF working groups developing protocols that include cryptographic elements are welcome to bring questions concerning the protocols to the CFRG for advice.


Had Kevin been introduced as: "Hi, I'm Kevin from the NSA. BTW, my employer wants to subvert everything your organization does. And, also, that's not my real name."

Well, then I don't think we'd be having this discussion, and there'd be no problem.


Please do not email me anything that you are not comfortable also sharing with the NSA.

On Dec 23, 2013, at 9:49 PM, John Viega <> wrote:

> Whether Mr. Igoe is using an alias or is a composite is, I think, irrelevant to anything other than his credentials for getting the job in the first place (and, I’m quite sure he’s real).
> I think it’s reasonable to hold the opinion that this discussion is silly and overhyped.  I think there’s a good chance that Mr. Igoe had no subversive intent whatsoever.  I also don’t see how an IRTF working group chair can, with high probability, subvert the process (though that doesn’t mean it isn’t possible).  
> However, I would ask people who are annoyed by the discussion to realize that public perception is important.  The fact that people are coming out of the woodwork to comment just emphasizes that many people perceive this as an issue (though I don’t consider myself coming as out of the woodwork— I’ve been lurking for years, and have definitely posted a few times in the past).
> To me, the most important thing the group can do is address how it makes sure to protect from subversive actors.  If we had a clear answer there, then I think it matters far less who the chair is, because we can give outside eyes a better comfort level.  I don’t think it’s productive to be dismissive of the concern, even if you do not agree.
> John
> On Dec 23, 2013, at 9:15 PM, Tao Effect <> wrote:
>> On Dec 23, 2013, at 9:05 PM, Richard Barnes <> wrote:
>>> Kevin is a regular IETF attendee, and an author of several RFCs.  
>> I never questioned that his name appears on several RFCs.
>> I even linked to such an RFC. :-)
>> It's just starting to become rather obvious that whoever is carrying this name around, probably considers it to either be an alias.
>> And even if that's not the case, it seems rather strange that someone who is serving as co-chair of an organization that makes recommendations to the world about the cryptography that it uses, appears to be rather difficult to hold accountable for the accusations that have been levied against him by multiple people in this thread.
>> So, the members of the CFRG might not be real people and don't seem to have any accountability? Is this the moral of the story?
>> It's also interesting to see some of the replies to my innocent questions.
>> Here's one from Stephen Farrell, it can be summarized entirely like so: "Oh FFS. Please cut the crap."
>> Here's one from John Bradley: "+1 Stephen's comment"
>> Some substance, gentlemen, please? This is not Facebook. It's easy to disturb the air with exclamations, but it's not a nice thing to do when your empty replies land hundreds? of inboxes.
>> Cheers,
>> Greg
>> --
>> Please do not email me anything that you are not comfortable also sharing with the NSA.
>>> He is most definitely a real person.  
>>> --Richard
>> _______________________________________________
>> Cfrg mailing list